Domain 7 of 8 · Chapter 12 of 15

DR Testing

Unlock the complete study guide + 1,040 practice questions across 16 full exams.

Bundled into the existing Certified Information Systems Security Professional premium course — no separate purchase.

Included in this chapter:

  • The test ladder: why rigor and risk rise together
  • Each test type in detail
  • Running tests well: cadence, ownership, and closing the loop
  • Exam-pattern recognition

The five DR plan test types, from least to most rigorous and disruptive

Test typeWhat it exercisesTouches real systems?Operational risk / costWhen to use
Read-through (checklist)Owners review the plan on paper for currency and completenessNo: paper onlyLowest; run most oftenRoutine maintenance check; first pass on any plan
Structured walk-through (tabletop)Team discusses roles against a facilitator's scenarioNo: discussion only, no equipmentVery lowSurface role/coordination gaps before any live test
SimulationTeam acts out a disaster scenario in a mock setting; no real recoveryNo: simulated environmentLow–moderateRehearse response and notifications without disrupting production
ParallelRecovery site activated and runs real workloads alongside productionYes: recovery site onlyModerate; no production riskProve the recovery site produces correct results without cutover
Full-interruption (full-scale)Production halted; business fails over to the recovery site for realYes: production and recovery siteHighest; can cause a real outageFinal end-to-end proof; mature plan, management-accepted risk

Decision tree

Plan new or recently changed,or first test?YesRead-through (checklist),then walk-through (tabletop)NoTouch real systems and acceptoperational risk?NoSimulation: act out the scenario ina mock setting, no real recoveryYesTake production down and cut overto the recovery site?NoParallel: recovery site runs real workloadsalongside production, no cutoverYes, plan mature +risk acceptedFull-interruption (full-scale):fail the live business over for realAlways: feed every finding into a plan update

Cheat sheet

  • Order the DR test ladder cold: read-through, walk-through/tabletop, simulation, parallel, full-interruption
  • Rigor and operational risk rise together up the ladder because proving more means touching more real systems
  • Full-interruption is the most thorough test and the riskiest: it can cause a real outage
  • Full-interruption needs formal management risk acceptance before it is scheduled
  • A parallel test proves the recovery site without ever cutting production over
  • Use full-interruption for maximum assurance; parallel when production must stay safe
  • A read-through (checklist) test is paper review only: cheapest and run most often
  • A tabletop (structured walk-through) test is discussion only: no equipment is deployed
  • A simulation test acts out the scenario in a mock setting but performs no real recovery
  • The deploy-equipment line sits between simulation and the two bottom rungs
  • Every test exists to find weaknesses and feed plan updates: a test with no corrective action is wasted
  • After a test finishes, the next step is to update the plan, not to schedule the next-higher test
  • Match the test rung to the system's criticality: higher availability demands a higher rung
  • Test on a planned cadence and after any significant change: an untested change is an untested plan
  • Start a new or just-changed plan low on the ladder, not with a live test
  • DR testing validates the chosen recovery strategy; it does not select the site or set RTO/RPO
  • DR testing rehearses the recovery process; it is not the live disaster recovery itself
  • DR testing is narrower than business-continuity exercising

Unlock with Premium — includes all practice exams and the complete study guide.

References

  1. Contingency Planning Guide for Federal Information Systems (NIST SP 800-34 Rev. 1): §3.5 Plan Testing, Training, and Exercises; App. E (CP-4) Whitepaper